291 matches found
Fedora 10 : gnutls-2.4.2-3.fc10 (2008-10162)
Tue Nov 11 2008 Tomas Mraz 2.4.2-3 - fix chain verification issue CVE-2008-4989 470079 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible...
CVE-2009-0130
lib/crypto/csrc/cryptodrv.c in erlang does not properly check the return value from the OpenSSL DSAdoverify function, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: a package...
Slackware 12.0 / 12.1 / current : gnutls (SSA:2008-320-01)
New gnutls packages are available for Slackware 12.0, 12.1, and -current to correctly fix the certificate chain verification issue that the upgrade to gnutls-2.6.1 attempted to fix. Without this upgrade, processing a certificate chain containing only one self-signed certificate may cause GnuTLS...
CVE-2002-1106
Cisco Virtual Private Network VPN Client software 2.x.x, and 3.x before 3.5.1C, does not properly verify that certificate DN fields match those of the certificate from the VPN Concentrator, which allows remote attackers to conduct man-in-the-middle attacks...
GLSA-200402-05 : phpMyAdmin < 2.5.6-rc1: possible attack against export.php
The remote host is affected by the vulnerability described in GLSA-200402-05 phpMyAdmin 2.5.6-rc1: possible attack against export.php One component of the phpMyAdmin software package export.php does not properly verify input that is passed to it from a remote user. Since the input is used to...
CVE-2002-1758
PHProjekt 2.0 through 3.1 allows remote attackers to view or modify data via requests to certain scripts that do not verify if the user is logged in...
CVE-2001-1500
ProFTPD 1.2.2rc2, and possibly other versions, does not properly verify reverse-resolved hostnames by performing forward resolution, which allows remote attackers to bypass ACLs or cause an incorrect client hostname to be logged...
CVE-2001-0889
Exim 3.22 and earlier, in some configurations, does not properly verify the local part of an address when redirecting the address to a pipe, which could allow remote attackers to execute arbitrary commands via shell metacharacters...
Дырка в OmniHTTPD
Недостаточная проверка ввода пользователя позволяет вставить perl-код в любой файл открытый на запись...
CVE-2000-0745
CVE-2000-0745 affects PHP-Nuke where admin.php3 does not properly verify the administrator password, enabling privilege escalation when a URL omits the aid/pwd parameters. Connected documents provide a detailed exploitation path: an attacker can manipulate URL parameters and the cookiedecode rout...
openssl-ssleay.bypass.txt
Date: Mon, 22 Mar 1999 19:42:49 +0000 From: Ben Laurie To: [email protected] Subject: OpenSSL/SSLeay Security Alert OpenSSL and SSLeay Security Alert --------------------------------- It was recently realised that packages that use SSLeay and OpenSSL may suffer from a security problem: under...